[dns-operations] A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Patrik Fältström paf at frobbit.se
Sun Feb 24 07:43:00 UTC 2019


On 24 Feb 2019, at 7:17, Bill Woodcock wrote:

> Longer-term, we’ve increased the amplitude of our badgering of Apple Product Security regarding DNSSEC and DANE validation in the OS, rather than via recursive resolver.  Both of those should be end-to-end, not dependent on an external resolver.

I would like to see one thing related to VPN, and that is to be able to say what apps on a phone (for example) can access internet when the VPN connection is down.

Default for me would be to "only" allow the browser to access Internet without VPN as that (unfortunately) is needed in a few wifi locations to get access.

I.e. just like the "allow this app to use mobile data", I would like to have "allow this app to work outside of VPN".

Together with of course easy "home"/"remote" modes. Where "home" can allow access without VPN while "remote" is much more strict.

   Patrik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190224/4c6e36b7/attachment.sig>


More information about the dns-operations mailing list